Tip

How to monitor network traffic in VMware environments

To monitor physical network traffic, IT pros look into a given network interface. When you move to virtual networks, monitoring traffic can become more difficult -- but this doesn't have to cost you more.


After properly configuring a VMware virtual environment, IT pros can use inexpensive options to monitor network traffic.

You can monitor and then analyze virtual network traffic from within a virtual machine (VM). However, by default, the vSwitch port group security policy prevents a VM from capturing traffic that is not addressed to that specific VM.

Figure 1. Wireshark aids analysis of virtual networks.

To capture traffic that is sent within the same ESXi host, configure the virtual switch (vSwitch) and the port group to allow VMs to use promiscuous mode. With promiscuous mode enabled, third-party monitoring software running inside the VM can capture that network traffic. Free options such as Wireshark (Figure 1) fit the bill without taking a bite out of IT's budget.

Switching on promiscuous mode for a vSwitch port group is easy. Select the Configuration tab on the VMware vSphere host in either vCenter Server or vSphere Client and select Networking in the Hardware section. Open the vSwitch properties and choose the port group for which you're activating promiscuous mode; the setting is in the Security tab.
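The same setting can be scripted and audited with VMware PowerCLI. This is an added example, not part of the original tip: it enables promiscuous mode on one dedicated port group and then reports any other port group where the setting is on. It assumes PowerCLI is installed and a Connect-VIServer session already exists; the host, vSwitch and port group names are hypothetical.

```powershell
# Added example. Assumes VMware PowerCLI and an existing Connect-VIServer session.
# The host, vSwitch and port group names below are hypothetical.
$vmHost    = Get-VMHost -Name 'esxi01.example.local'
$vSwitch   = Get-VirtualSwitch -VMHost $vmHost -Standard -Name 'vSwitch0'
$monitorPg = 'PG-Monitor'

# Create a port group used only by the monitoring VM, if it does not exist yet.
$pg = Get-VirtualPortGroup -VirtualSwitch $vSwitch -Standard -Name $monitorPg `
        -ErrorAction SilentlyContinue
if (-not $pg) {
    $pg = New-VirtualPortGroup -VirtualSwitch $vSwitch -Name $monitorPg
}

# Enable promiscuous mode on that port group only. This overrides the
# vSwitch-level policy for this port group and leaves the others unchanged.
$pg | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $true | Out-Null

# Audit: list the effective promiscuous-mode setting of every standard
# port group on the host, and whether it is inherited from the vSwitch.
$report = Get-VirtualPortGroup -VMHost $vmHost -Standard | ForEach-Object {
    $policy = $_ | Get-SecurityPolicy
    [pscustomobject]@{
        VSwitch          = $_.VirtualSwitchName
        PortGroup        = $_.Name
        AllowPromiscuous = $policy.AllowPromiscuous
        Inherited        = $policy.AllowPromiscuousInherited
    }
}
$report | Sort-Object VSwitch, PortGroup | Format-Table -AutoSize

# Any VM attached to a promiscuous port group can capture traffic that is
# not addressed to it, so flag every port group other than the monitoring one.
$unexpected = $report | Where-Object {
    $_.AllowPromiscuous -and $_.PortGroup -ne $monitorPg
}
if ($unexpected) {
    Write-Warning ("Promiscuous mode is also enabled on: " +
        (($unexpected | ForEach-Object { $_.PortGroup }) -join ', '))
}
```

Attach only the monitoring VM's network adapter to the dedicated port group, and rerun the audit part after any networking change to the host.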

Administrators will need to work a bit harder to monitor network traffic that is sent on the physical network outside of the vSphere host.

The physical switch must support mirroring network traffic, which will be implemented in a different way for each switch brand. In switches, network packets are only sent to the switch port on which the destination Media Access Control (MAC) address is listening. Traffic mirroring puts the switch port into promiscuous mode so that the target switch port can receive all network traffic, not just the network traffic addressed to the associated MAC address.

To finish the configuration, connect the switch port that receives all network traffic to a physical network card in the ESXi host that runs the monitoring VM. Once they are connected, you can use that VM to monitor network traffic. The VM will be capable of receiving all traffic sent on the physical network.

With promiscuous mode turned on, you can start analyzing network traffic. Select an interface to start a live packet capture. Packets will pass by at high speed, so if you're looking for specific information, configure a filter that specifies which network traffic should be captured for further analysis.

Your VMware virtual environment is now configured to capture packets on a switched network for further analysis. If you just want to analyze packets sent to VMs on the same host, the procedure is easy and you'll only have to enable promiscuous mode on the vSwitch. But if you also want to analyze packets sent on the physical network, your switch must mirror traffic to a specific switch port before you can capture it from within the VM. Since VMware doesn't provide any specific tools for packet capturing, use third-party tools for virtual network traffic analysis.

This was first published in November 2012
